IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In re application of: 

Dr. Hans-Joachim Muschenbom

Serial No.: Unknown 
Filed: Herewith 

For: PROTECTION OF SECURITY CRITICAL 
DATA IN NETWORKS 



Docket No.: 12964.20 
Group Art Unit: Unknown 
Examiner: Unknown 



PRELIMINARY AMENDMENT 



Commissioner For Patents 
Washington, DC 20231 



Sir: 



Prior to the initial examination of the above application please enter the following: 



IN THE SPECIFICATION 

Please amend page 1 to read: 

This application claims priority under German Patent application number 199 61 399.0 filed on December 20, 1999.

In the claims:

Please amend the following claims: 

4. (Amended) Network system according to [one of] claim[s] 1 [to 3], wherein the
central unit ZE stores authorization data AD and wherein at least one peripheral thread after connecting to 
the central process Z on ZE transmits access data to Z, and wherein Z checks the access rights of the 
peripheral process by checking said access data against said authorization data AD, and wherein Z
terminates the connection to said peripheral process if the result of said check of said access rights is 
negative. 

5. (Amended) Network system according to [one of] claims 1 [to 3], wherein at
least one Unit AE directly or indirectly physically connected with central unit ZE stores authorization data 
AD and wherein AE executes at least one authorization thread AS able to build-up or accept a standing 
logical connection to or from Z, and wherein at least one peripheral thread after build-up of the connection 
to central process Z sends Z access data, and wherein Z receives said access data and forwards said access 
data to AS, and wherein AS receives said access data, checks the access rights of said peripheral process by
checking said access data against said authorization data AD and transmits the result of said check of said 
access rights to Z, and wherein Z terminates the connection to said peripheral process if the result of said 
check of said access rights is negative. 

8. (Amended) Network system according to [one of the] claim[s] 6 [or 7] wherein
at least one peripheral thread transmits to the logon process additional access data, and wherein the logon 
process checks the access rights of said peripheral process by checking said access data against predefined 
authorization data, and wherein said logon process triggers at least one central process to open a new 
connection endpoint only if said authorization check returns a positive result. 

10. (Amended) Network system according to [one of the] claim[s] 6 [to 9] wherein 
at least one peripheral thread does not know the local identification of at least one temporarily opened 
connection endpoint by at least one central process, and wherein said peripheral thread receives said local 
identification from at least one logon process.

13. (Amended) Network system according to claim[s] 9 [and 10] wherein at least 
one authorization service generates at least one local identification of at least one connection endpoint to be 
provided by at least one of the central processes and transmits said generated local identification during 
connection build-up via at least one logon process to at least one peripheral thread and to at least one central 
process providing at least one temporarily open connection endpoint with said generated local identification. 

14. (Amended) Network system according to [one of] claim[s] 9 [to 13] wherein
at least one local identification of at least one temporarily opened connection endpoint of at least one central 
process is generated randomly or pseudo-randomly. 

15. (Amended) Network system according to [one of] claim[s] 9 [to 14] wherein 
at least one local identification of at least one temporarily opened connection endpoint of at least one central 
process is transmitted in at least one encrypted message. 

16. (Amended) Network system according to [one of the] claim[s] [6 to 15] wherein
at least one peripheral thread does not know the physical address of the network interface of at least one 
target central unit, and wherein said peripheral thread receives from at least one logon process the physical 
address of at least one network interface of at least one central unit executing at least one central process 
providing at least one temporarily open connection endpoint. 

19. (Amended) Network system according to [one of the] claim[s] 9 [to 16] wherein
at least one authorization service selects at least one central process Zl providing at least one temporarily 
open connection endpoint and transmits via at least one logon process the physical address of the network 
interface of the central unit executing Zl to at least one peripheral thread during connection build-up. 



20. (Amended) Network system according to [one of the] claim[s] [16 to 19] 
wherein at least one central process is selected randomly or pseudo-randomly. 

21. (Amended) Network system according to [one of the] claim[s] 16 [to 20] 
wherein the physical address of at least one network interface of at least one central unit running at least one 
central process providing at least one temporarily open connection endpoint is transmitted in encrypted form. 

22. (Amended) Network system according to [one of the previous claims] claim 1 
wherein at least one service builds-up or accepts at least one standing logical connection to or from at least 
two central processes, and wherein said service provides on at least two of its connections different protocols. 

23. (Amended) Network system according to [one of the previous claims] claim 1
wherein at least one of the protocols of at least one service can be activated during operation. 

24. (Amended) Network system according to [one of the previous claims] claim 1 
wherein at least one of the protocols of at least one service can be deactivated during operation. 

25. (Amended) Network system according to [one of the] claim[s] 23 [or 24] 
wherein the activation or deactivation of at least one protocol of at least one service is controlled by at least 
one function of at least one protocol of said service. 

26. (Amended) Network system according to [one of the previous claims] claim 1 
wherein at least one function of at least one protocol of at least one service can be activated during operation. 

27. (Amended) Network system according to [one of the previous claims] claim 1
wherein at least one function of at least one protocol of at least one service can be deactivated during 
operation. 

28. (Amended) Network system according to [one of the] claim[s] 26 [or 27] 
wherein the activation or deactivation of at least one function of at least one protocol of at least one service 
is controlled by at least one function of at least one protocol of said service. 

29. (Amended) Network system according to [one of the previous claims] claim 1
wherein at least one protocol of at least one service can be loaded into the addressable memory space of said 
service during operation. 

30. (Amended) Network system according to [one of the previous claims] claim 1 
wherein at least one protocol of at least one service can be removed from the addressable memory space of 
said service during operation, such that all functions of said removed protocol can only be called again after 
said protocol has been loaded again into the addressable memory space of said service. 

31. (Amended) Network system according to [one of the] claim[s] 29 [or 30] 
wherein the loading or removal of at least one protocol of at least one service is controlled by at least one 
function of at least one protocol of said service. 

32. (Amended) Network system according to [one of the previous claims] claim 1
wherein at least one function of at least one protocol of at least one service can be loaded into the addressable 
memory space of said service during operation. 

33. (Amended) Network system according to [one of the previous claims] claim 1
wherein at least one function of at least one protocol of at least one service can be removed from the
addressable memory space of said service during operation, such that said removed function can only be 
called again after said removed function has been loaded again into the addressable memory space of said 
service. 

34. (Amended) Network system according to [one of the] claim[s] 32 [or 33] 
wherein the loading or removal of at least one function of at least one protocol of at least one service is 
controlled by at least one function of at least one protocol of said service. 



REMARKS 

Several claims have been amended and replacement sheets with clean claims and page 1 are 
enclosed. 

Should the Examiner have any questions or comments regarding the amendments, the Examiner is 
invited to telephone the undersigned at the number listed below. 



Dated:
HAYNES AND BOONE, L.L.P. 
901 Main Street, Suite 3100 
Dallas, Texas 75202-3789 
Telephone: 214/651-5634 
Facsimile: 214/651-5940 
File: 12964.20 
D-849620.1 